IDS mailing list archives
RE: IDS Common Criteria
From: "Greg van der Gaast" <greg.vandergaast () wanadoo nl>
Date: Tue, 7 Jan 2003 09:19:40 +0100
I have seen plenty of people with driving licenses who can't drive worth a ____. Same goes for CC accreditation.

In my humble opinion, the problem with CC is that the evaluation is only as good as the evaluator. The standard itself is written in such abstract form (the word 'computer' doesn't even come up once in the 640+ page document except for one mention of 'Computer Aided Design') that in most cases numerous (all?) low-level technical vulnerabilities or shortfalls are overlooked. Perfect example is W2k being certified and MS releasing 3 critical patches to fix just certified components, the next day. Worse is that in this case MS deliberately left its customers vulnerable so it could get accredited and market their product as more secure.

For commercial use I'd say, once again imho, it's worthless and its use as part of a security policy or management process should be avoided.

Hope this helps.

Regards,
Greg

-----Original Message-----
From: Talisker [mailto:talisker () networkintrusion co uk]
Sent: Monday, January 06, 2003 7:14 PM
To: focus-ids () securityfocus com; ids () mailman vet com au
Subject: IDS Common Criteria

Hi all

Sorry about cross posting this on the SF and Australian IDS list

I received a marketing post this morning from Intrusion Inc saying that their SecureNetPro is the only IDS to have passed Common Criteria Certification, I was under the impression that another IDS vendor (ISS) had already achieved similar. Is there a RealSecure fan out there that could confirm this?

Outside Government and Military circles where I can see Common Criteria Certification being extremely useful, how valuable is it, i.e. within the financial sector etc.? More importantly what are its failings?

take care
-andy

Taliskers Network Security Tools
http://www.networkintrusion.co.uk